Wireless LAN Security

Published on Dec 06, 2015

Abstract

Wireless local area networks (WLANs) based on the Wi-Fi (wireless fidelity) standards are one of today's fastest growing technologies in businesses, schools, and homes, for good reasons. They provide mobile access to the Internet and to enterprise networks so users can remain connected away from their desks. These networks can be up and running quickly when there is no available wired Ethernet infrastructure.

They can be made to work with a minimum of effort without relying on specialized corporate installers.

Some of the business advantages of WLANs include:

• Mobile workers can be continuously connected to their crucial applications and data;

• New applications based on continuous mobile connectivity can be deployed;

• Intermittently mobile workers can be more productive if they have continuous access to email, instant messaging, and other applications;

• Impromptu interconnections among arbitrary numbers of participants become possible.

But having provided these attractive benefits, most existing WLANs have not effectively addressed security-related issues.

THREATS TO WLAN ENVIRONMENTS

All wireless computer systems face security threats that can compromise their systems and services. Unlike in a wired network, the intruder does not need physical access in order to pose the following security threats:

Eavesdropping

This involves attacks against the confidentiality of the data that is being transmitted across the network. In a wireless network, eavesdropping is the most significant threat because the attacker can intercept the transmission over the air from a distance, away from the company's premises.

Tampering

The attacker can modify the content of the intercepted packets from the wireless network and this results in a loss of data integrity.

Unauthorized access and spoofing

The attacker could gain access to privileged data and resources in the network by assuming the identity of a valid user. This kind of attack is known as spoofing. To counter this attack, proper authentication and access control mechanisms need to be put in place in the wireless network.

Denial of Service

In this attack, the intruder floods the network with either valid or invalid messages, affecting the availability of the network resources. The attacker could also flood a receiving wireless station, thereby forcing it to use up its valuable battery power.

Other security threats

The other threats come from weaknesses in network administration and vulnerabilities of the wireless LAN standards, e.g. the vulnerabilities of Wired Equivalent Privacy (WEP), which is supported in the IEEE 802.11 wireless LAN standard.

AUTHENTICATION AND ACCESS CONTROL

Authentication is the foundation technology for protecting networks, servers, client systems, data, and applications from improper disclosure, tampering, destruction, and other forms of interference. The essence of an authentication system is discovering and confirming the identity of a person, an organization, a device, or more generally, of any software process on the network.

In the non-digital world, we readily authenticate people we know personally by their appearance or the sound of their voice on the phone, and we authenticate people we don’t know personally by examining their documents, such as photo IDs. In the digital world, software processes exchange data at a sort of least common denominator level without these physical clues, and authenticating the identity of a person bound to a software process is a tricky problem.

Users can be authenticated by something they know, something they have, or something they are. The most common example of “something you know” is the traditional user ID and password combination. A common example of “something you have” is an access card that is swiped through a card reader. “Something you are” can be established with fingerprint readers, retinal scanners, facial recognition systems, and hand geometry analyzers.

Authentication provides a greater or lesser degree of assurance that users are who they say they are, but in itself it doesn’t control access to network resources. Access control is the job of authorization systems. Authorization can be thought of as a grid with each network resource along the x-axis and each user (or other entity) along the y-axis. At each intersecting cell, a list of privileges is created.
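
The authorization grid described above, written out as an added example that is not part of the original article. It goes slightly beyond the text by refusing unauthenticated sessions, denying by default when a cell is empty, and reading the grid by column and by row for access reviews. The class name, session format, users, resources and privileges are all hypothetical.

```python
from collections import defaultdict


class AccessMatrix:
    """Authorization grid: rows are users, columns are resources, and each
    cell holds the set of privileges granted at that intersection."""

    def __init__(self):
        self._cells = defaultdict(set)  # (user, resource) -> privileges

    def grant(self, user, resource, *privileges):
        self._cells[(user, resource)].update(privileges)

    def revoke(self, user, resource, privilege):
        self._cells[(user, resource)].discard(privilege)

    def is_allowed(self, session, resource, privilege):
        # Authorization only runs on an identity that authentication has
        # already confirmed; an unauthenticated session is granted nothing.
        if not session.get("authenticated"):
            return False
        # Default deny: a missing or empty cell grants no privilege.
        # .get() avoids creating empty cells as a side effect of a lookup.
        cell = self._cells.get((session["user"], resource), set())
        return privilege in cell

    def acl_for(self, resource):
        """Column view: every user holding privileges on one resource."""
        return {u: sorted(p) for (u, r), p in self._cells.items()
                if r == resource and p}

    def capabilities_of(self, user):
        """Row view: everything one user may do, for access reviews."""
        return {r: sorted(p) for (u, r), p in self._cells.items()
                if u == user and p}


def build_sample():
    # Constructed sample data: all names below are hypothetical.
    m = AccessMatrix()
    m.grant("alice", "payroll-db", "read", "write")
    m.grant("bob", "payroll-db", "read")
    m.grant("bob", "print-server", "use")
    return m


if __name__ == "__main__":
    m = build_sample()
    bob = {"user": "bob", "authenticated": True}
    print(m.is_allowed(bob, "payroll-db", "write"))
    print(m.acl_for("payroll-db"))
```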